Daily Tech Digest - August 17, 2018


Android 9 Pie is a massive, AI-infused software update, and it’s generally a pleasure to use. The handful of features made possible by machine learning are helpful additions, but there’s much more to Pie than that. Google has done a lot nipping and tucking to make Android itself easier to use, and some system-level changes give the platform room to grow in some important ways. Not everyone will love the changes Google made here -- power users in particular -- but overall, it’s a thoughtful, worthy update that will only get better when even more features arrive later this year. That's all because Google built Android 9 Pie to pay more attention to what you do, and to help out accordingly. That suggestion wasn't random: It was based on behavior that Android picked up on. Beyond that, there are plenty of important system-level improvements and a handful of tweaks that make Android more pleasant to use. There's still plenty of work to be done, but after using the update (in its various forms) for a while, I can confidently say Google's efforts are paying off.



Improving testing architecture when moving to microservices


Before Gamesys rethought its testing architecture, its software development was split across client-side and core development teams. The client team focused on front-end application development, while the core team focused on back-end services. However, these separate teams often managed the same swaths of code, which caused a variety of communication and testing challenges. The back-end application was a monolith. If someone on the client team sought to add functionality, such updates would have to integrate with services on the monolith. Bugs sometimes required fixes on the back end. "As the situation got more complex, the synchronization between the client and core teams would get sloppy," Borys said. The overlapping responsibility and complexity of a monolithic architecture led to release delays. Gamesys shifted to a microservices approach, which made it easier to decouple application functionality across the entire stack.


Increasing Security with a Service Mesh


In some cases, security is an afterthought, and we try to shoehorn it into our apps at the last possible moment. Why? Because doing security right is hard. For example, something foundational like "encrypting application traffic" should be commonplace and straightforward, right? Configuring TLS/HTTPS for our services should be straight forward, right? We may have even done it before on past projects. However, getting it right in my experience is not as easy as it sounds. Do we have the right certificates? Are they signed by the CA that the clients will accept? Are we enabling the right cipher suites? Did I import that into my truststore/keystore properly? Wouldn't it just be easy to enable the “--insecure” flag on my TLS/HTTPS configuration? Mis-configuring this type of thing can be extremely dangerous. Istio provides some help here. Istio deploys sidecar proxies (based on Envoy proxy) alongside each application instance that handles all of the network traffic for the application.


Australia appoints information and privacy commissioner

"Falk has extensive experience delivering the functions of independent regulators and a track record of working across Commonwealth and state agencies, business, and the community in law, policy, and education," Porter said on Friday. "The commissioner role is critical to helping ensure the privacy of Australians, particularly in the online environment." Australia's Notifiable Data Breaches scheme requires organisations covered by the Privacy Act 1988 to notify individuals whose personal information is involved in a data breach that is likely to result in "serious harm" as soon as practicable after becoming aware of a breach. During Falk's tenure as acting privacy commissioner, the Office of the Australian Information Commissioner (OAIC) opened an investigation into the Facebook-Cambridge Analytica improper use of data after revealing that more than 311,127 Australians were caught up in the scandal. The investigation, kicked off in April, will consider whether Facebook breached the Privacy Act. "All organisations that are covered by the Privacy Act have obligations in relation to the personal information that they hold," Falk said at the time.


IoT on the edge: revolutionary use cases create new privacy concerns


Emerging use cases for IoT and video are even more concerning. Retailers have been piloting systems that identify shoppers when they enter a store by sensing their mobile devices. Advancements are allowing retailers to use security camera footage to capture shoppers’ faces and identify individuals in real time. From here, retailers can identify a shopper’s age, gender, ethnicity and other visual attributes; track their movements, actions and sentiments throughout the store; and create and compile shopping profiles based on this and other data. In another innovative use case, artificial intelligence-assisted video-monitoring software can simultaneously process footage from dozens of security cameras and identify abnormal and potentially criminal or dangerous situations, including theft or violence. Using the technology, one university in Australia has been able to thwart a variety of criminal events from bike theft to assault during if not before the crimes occur.


As CTO you are responsible for both engineering and product

To succeed, CTOs need to have a deep understanding of the market they operate in and a broad knowledge across lots of different technologies. “The ability to go very deep very quickly on any single technology,” is essential, said Weinberg. What’s the best way to understand the market? According to Weinberg, the best way is to surround yourself by people who can feed you key information and insights. “That way you can distill information into patterns and opportunities, and act upon them. In my case, the person I rely on for this is my co-founder and CEO.” ... This is slightly paradoxical, as engineers and product people are typically very different types of people. “You can reason with engineers using cold logic, and most of the time there is quantifiable right or wrong answer,” said Weinberg. “With product design, there is typically no strict right or wrong answer. Everything needs to be debated subjectively, alternate theories need to be compared and decisions often need to be made based on intuition.”


How to protect your privacy in Windows 10

face superimposed on keyboard privacy hacker
You can turn that advertising ID off if you want. Launch the Windows 10 Settings app (by clicking on the Start button at the lower left corner of your screen and then clicking the Settings icon, which looks like a gear) and go to Privacy > General. There you'll see a list of choices under the title "Change privacy options"; the first controls the advertising ID. Move the slider from On to Off. You'll still get ads delivered to you, but they'll be generic ones rather than targeted ones, and your interests won't be tracked. ... Wherever you go, Windows 10 knows you're there. Some people don't mind this, because it helps the operating system give you relevant information, such as your local weather, what restaurants are nearby and so on. But if you don't want Windows 10 to track your location, you can tell it to stop. ... You can turn it off on a user-by-user basis as well — so if you have several people with different accounts using the same device, they can each turn location tracking on or off. To turn location tracking on or off for any single account, sign into the account, head back to this same screen and, instead of clicking Change, go to the slider beneath the word "Location" and move it to On or Off.


The road to effective bot development in DevOps environments


The important thing to understand is that repository webhooks provide the means by which bots can interact with a source code repository and perform instructive validation as part of their response behavior. There's already a good deal of work to do with repository bot development. Probot provides a framework that simplifies bot writing by adding a wrapper around the GitHub webhook architecture. The framework makes programming easier. Kore.ai is a bot development tool that allows developers to create fairly powerful bots using a low-code, graphical interface. A Kore.ai bot can be integrated with Bitbucket, GitHub and GitLab. Tools such as these will make bot development a lot easier. However, just because you can make a bot does not necessarily mean you have a useful bot. Believe me, the world does not need another confusing session with a chatbot. One bot that does one thing really well is better than an army of bots that cause confusion and frustration.


Avoiding the reference data quagmire

A company can put master data management (MDM) in place and make a tremendous effort to ensure its data quality. It can take pains to develop good data governance procedures and invest in leading-edge analytics technologies to make the most of its data. But any errors in its reference data can undermine all of these initiatives. Reference data is a non-volatile and slow-moving subset of enterprise data. It is often standardized by external bodies and businesses generally use the same reference data throughout their operations. Examples include country codes, SIC codes, currencies and measurement units. Typically, companies make use of several applications that feature drop-down lists of reference data, and may have various forms that are prefilled with certain reference data. To keep this data synchronized, some companies rely on reference data management or RDM.


New Trickbot Variant Touts Stealthy Code-Injection Trick


Upon execution, the malware sleeps for 30 seconds to evade sandboxes (by calling Sleep(30000)), and it then decrypts a dynamic link library file (named “shellcode_main,” which contains instructions that other programs can call upon to do certain things), which is then mapped to a buffer. Like older samples of Trickbot, researchers observed this newest variant make use of a technique called process-hollowing for unpacking. Instead of injecting code into the host program, Trickbot unmaps — or hollows out — legitimate code from target’s memory, and then overwrites the memory space with a malicious executable. First, a suspended process is created by the malware using CreateProcessW, which is then used to obtain a handle and copy the handle to a buffer, essentially re-reading and re-mapping that handle for various functions. These functions include unmapping the original malware module, creating a section to write the malicious code onto, mapping out the hollowed process, and resuming the suspended process and starting execution.



Quote for the day:


"If you find a path with no obstacles, it probably doesn't lead anywhere." -- Frank A Clark